CN110266674A - Intranet access method and related apparatus

Info

Publication number: CN110266674A
Authority: CN (China)
Prior art keywords: intranet, mobile wireless, firewall, wireless access, equipment
Legal status: Granted
Application number: CN201910503580.9A
Other languages: Chinese (zh)
Other versions: CN110266674B (en)
Inventors: 范安心, 黄成尧, 王绪军
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by: Ping An Technology Shenzhen Co Ltd
Priority to: CN201910503580.9A
Publication of CN110266674A
Application granted; publication of CN110266674B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Abstract

Embodiments of the present invention apply to access control for security protection and disclose an intranet access method and related apparatus. The method includes: an intranet firewall distribution device receives an intranet connection request sent by a mobile wireless access device, the intranet connection request carrying positioning reference information of the mobile wireless access device; the intranet firewall distribution device determines the resident geographic area in which the mobile wireless access device is located; the intranet firewall distribution device determines a first intranet firewall as the intranet firewall matched to the mobile wireless access device; and the intranet firewall distribution device sends a first IP address of the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall, it provides the user terminal with the service of accessing the target intranet. The invention can improve the efficiency of access to the target intranet while improving the security of target intranet resources.

Description

Intranet access method and related apparatus
Technical field
This application relates to the field of communications, and in particular to an intranet access method and related apparatus.
Background art
With the integration of the global economy, more and more enterprises conduct business all over the world, which requires their employees to be dispatched around the world to work. In some office scenarios, employees working away from the company need to access resources on the company's intranet servers, for example to visit corporate intranet web pages or to access files stored in shared folders on an intranet file server. Traditionally this is done through a VPN (Virtual Private Network): a VPN server is set up in the company intranet, and after a remote employee connects to the internet locally by mobile phone, computer or the like, the employee connects over the internet to the VPN server of the corporate intranet and then accesses the corporate intranet through the VPN server. On the one hand, when an employee connects to the intranet from a terminal such as a computer, the parameters for connecting to the corporate intranet VPN must be configured in advance, such as the address of the intranet VPN server and the user's login name and password, and the connection is then dialled. The user has to perform many operations and wait a long time, which hurts connection efficiency. On the other hand, in this mode an employee can access the corporate intranet from anywhere, which poses a certain threat to the security of corporate intranet resources.
Summary of the invention
This application provides an intranet access method and related device that can improve the efficiency of user access to a target intranet while improving the security of target intranet resources.
A first aspect of the embodiments of the present invention provides an intranet access method, comprising:
An intranet firewall distribution device receives an intranet connection request for a target intranet sent by a mobile wireless access device, the intranet connection request carrying positioning reference information of the mobile wireless access device;
The intranet firewall distribution device determines, according to the positioning reference information, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located;
The intranet firewall distribution device determines, according to a preset correspondence between the resident geographic area and a first intranet firewall, the first intranet firewall as the intranet firewall matched to the mobile wireless access device, where the first intranet firewall is one of multiple intranet firewalls deployed for the target intranet;
The intranet firewall distribution device sends a first IP address of the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall according to the first IP address, the first intranet firewall routes an intranet access request for the target intranet, sent by a user terminal through the mobile wireless access device, to an intranet server of the target intranet, and the first intranet firewall sends the intranet request response, returned by the intranet server in response to the intranet access request, to the user terminal through the mobile wireless access device.
With reference to the first aspect, in a first possible implementation, the method further includes:
The intranet firewall distribution device obtains the resident geographic area of the mobile wireless access device;
The intranet firewall distribution device determines, from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall corresponding to the resident geographic area, and establishes the correspondence between the resident geographic area and the first intranet firewall. The first intranet firewall is, when the mobile wireless access device is in the resident geographic area, the intranet firewall nearest to the mobile wireless access device among the multiple intranet firewalls deployed for the target intranet, or, when the mobile wireless access device is in the resident geographic area, the intranet firewall with the smallest network delay to the mobile wireless access device among the multiple intranet firewalls deployed for the target intranet.
With reference to the first aspect, in a second possible implementation, the method further includes:
The intranet firewall distribution device periodically obtains the real-time geographic location of the mobile wireless access device;
When the intranet firewall distribution device determines, according to the real-time geographic location of the mobile wireless access device, that the mobile wireless access device has moved outside the resident geographic area, it sends a disconnect instruction for the mobile wireless access device to the first intranet firewall, so that the first intranet firewall disconnects from the mobile wireless access device according to the disconnect instruction.
With reference to the first aspect, in a third possible implementation, before the intranet firewall distribution device sends the first IP address of the first intranet firewall to the mobile wireless access device, the method further includes:
The intranet firewall distribution device obtains device identity information of the mobile wireless access device and/or terminal identity information of the user terminal connected to the mobile wireless access device;
The intranet firewall distribution device sending the first IP address of the first intranet firewall to the mobile wireless access device includes:
The intranet firewall distribution device sends the first IP address of the first intranet firewall to the mobile wireless access device after identity authentication of the mobile wireless access device based on the device identity information succeeds, and/or after identity authentication of the user terminal connected to the mobile wireless access device based on the terminal identity information succeeds.
With reference to the first aspect, in a fourth possible implementation, the mobile wireless access device has multiple resident geographic areas;
The method further includes:
The intranet firewall distribution device periodically obtains the real-time geographic location of the mobile wireless access device;
When the intranet firewall distribution device determines, according to the real-time geographic location, that the mobile wireless access device has switched between its multiple resident geographic areas, it determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched to the mobile wireless access device after it switches resident geographic area;
When the intranet firewall distribution device determines that the first intranet firewall and the second intranet firewall are not the same, it sends a second IP address of the second intranet firewall to the mobile wireless access device, so that the mobile wireless access device establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall.
A second aspect of the embodiments of the present invention provides an intranet access method, the method comprising:
A mobile wireless access device sends an intranet connection request for a target intranet to an intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device included in the intranet connection request, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located, and the intranet firewall distribution device determines, according to a preset correspondence between the resident geographic area of the mobile wireless access device and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched to the mobile wireless access device;
The mobile wireless access device receives the first IP address of the first intranet firewall sent by the intranet firewall distribution device and, according to the first IP address, sends a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the first firewall connection request;
After receiving an intranet access request for the target intranet sent by a user terminal, the mobile wireless access device routes the intranet access request to the intranet server of the target intranet through the first intranet firewall;
After receiving the intranet request response that the intranet server returns through the first intranet firewall in response to the intranet access request, the mobile wireless access device sends the intranet request response to the user terminal.
With reference to the second aspect, in a first possible implementation, the mobile wireless access device has multiple resident geographic areas;
The method further includes:
The mobile wireless access device obtains its real-time geographic location;
When the mobile wireless access device determines, according to the real-time geographic location, that it has switched between its multiple resident geographic areas, it sends a firewall switching request carrying the real-time geographic location to the intranet firewall distribution device, so that the intranet firewall distribution device, after verifying the real-time geographic location of the mobile wireless access device, determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched to the mobile wireless access device after it switches resident geographic area; the intranet firewall distribution device further sends the second IP address of the second intranet firewall to the mobile wireless access device when it determines that the first intranet firewall and the second intranet firewall are not the same;
The mobile wireless access device sends a second firewall connection request to the second intranet firewall according to the second IP address, so that the second intranet firewall establishes a connection with the mobile wireless access device according to the second firewall connection request;
The mobile wireless access device disconnects from the first intranet firewall.
A third aspect of the embodiments of the present invention provides a mobile wireless access device, comprising:
A request sending unit, configured to send an intranet connection request for a target intranet to an intranet firewall distribution device, so that the intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device included in the intranet connection request, the resident geographic area of the mobile wireless access device in which the mobile wireless access device is located; the intranet firewall distribution device further determines, according to a preset correspondence between the resident geographic area of the mobile wireless access device and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched to the mobile wireless access device;
A connection establishment unit, configured to receive the first IP address of the first intranet firewall sent by the intranet firewall distribution device and, according to the first IP address, send a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access device according to the first firewall connection request;
A message transmission unit, configured to, after receiving an intranet access request for the target intranet sent by a user terminal, route the intranet access request to the intranet server of the target intranet through the first intranet firewall;
The message transmission unit is further configured to, after receiving the intranet request response that the intranet server returns through the first intranet firewall in response to the intranet access request, send the intranet request response to the user terminal.
In a fourth aspect, the present invention provides a mobile wireless access device including a processor, a memory and a communication interface that are connected to one another, where the communication interface is used to send and receive data, the memory is used to store program code, and the processor is used to call the program code, which, when executed by a computer, causes the computer to perform any one of the methods of the second aspect and each possible implementation of the second aspect.
In a fifth aspect, the present invention provides a computer storage medium storing a computer program; the computer program includes program instructions that, when executed by a computer, cause the computer to perform any one of the methods of the first aspect and each possible implementation of the first aspect, and of the second aspect and each possible implementation of the second aspect.
In the embodiments of the present invention, when the intranet firewall distribution device receives an intranet connection request for the target intranet from a mobile wireless access device, it determines the resident geographic area in which the mobile wireless access device is located according to the positioning reference information carried in the request and, according to the preset correspondence between the resident geographic area and the first intranet firewall, assigns the first intranet firewall to the mobile wireless access device, so that after the mobile wireless access device establishes a connection with the first intranet firewall, it provides the user terminal connected to it with the service of accessing the intranet servers in the target intranet. With this embodiment, the user does not need to configure any parameters before accessing the target intranet, which improves the efficiency of access to the target intranet. At the same time, the intranet firewall distribution device recommends an intranet firewall of the target intranet to the mobile wireless access device only when it determines that the device is within a resident geographic area preset for that device; if the device is not in a resident geographic area, connections from the mobile wireless access device to the target intranet can be restricted according to geographic location, which improves the security of resources in the target intranet.
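The allocation flow summarised above (the first aspect with its first, second and fourth implementations), as an added Python example that is not code from the patent. It assumes the positioning reference information has already been resolved to latitude/longitude and models a resident geographic area as a circle; all names, coordinates and the RFC 5737 documentation addresses are constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(min(1.0, sqrt(a)))


@dataclass(frozen=True)
class Firewall:
    name: str
    ip: str
    lat: float
    lon: float


@dataclass(frozen=True)
class ResidentArea:  # assumption: an area is a circle around a centre point
    name: str
    lat: float
    lon: float
    radius_km: float

    def contains(self, lat, lon):
        return haversine_km(self.lat, self.lon, lat, lon) <= self.radius_km


class FirewallDistributor:
    """Hypothetical model of the intranet firewall distribution device."""

    def __init__(self, firewalls):
        self.firewalls = list(firewalls)
        self.areas = {}     # device_id -> list of ResidentArea
        self.area_map = {}  # (device_id, area name) -> Firewall (preset correspondence)
        self.assigned = {}  # device_id -> Firewall currently handed out

    def register_device(self, device_id, areas):
        """First implementation: map each resident area to its nearest firewall."""
        self.areas[device_id] = list(areas)
        for area in areas:
            self.area_map[(device_id, area.name)] = min(
                self.firewalls,
                key=lambda fw: haversine_km(area.lat, area.lon, fw.lat, fw.lon),
            )

    def _area_for(self, device_id, lat, lon):
        for area in self.areas.get(device_id, []):
            if area.contains(lat, lon):
                return area
        return None

    def connect(self, device_id, lat, lon):
        """Return the matched firewall IP, or None when the device is unknown
        or outside every resident area (no firewall address is disclosed)."""
        area = self._area_for(device_id, lat, lon)
        if area is None:
            return None
        fw = self.area_map[(device_id, area.name)]
        self.assigned[device_id] = fw
        return fw.ip

    def on_location_update(self, device_id, lat, lon):
        """Periodic check: returns (action, ip), action in keep/switch/disconnect/none."""
        current = self.assigned.get(device_id)
        if current is None:
            return ("none", None)
        area = self._area_for(device_id, lat, lon)
        if area is None:  # second implementation: left the resident area
            del self.assigned[device_id]
            return ("disconnect", current.ip)
        fw = self.area_map[(device_id, area.name)]
        if fw != current:  # fourth implementation: moved to another resident area
            self.assigned[device_id] = fw
            return ("switch", fw.ip)
        return ("keep", current.ip)


def build_demo():
    """Constructed sample deployment: three firewalls, one device, two resident areas."""
    d = FirewallDistributor([
        Firewall("fw-shenzhen", "192.0.2.10", 22.54, 114.06),
        Firewall("fw-singapore", "198.51.100.20", 1.35, 103.82),
        Firewall("fw-frankfurt", "203.0.113.30", 50.11, 8.68),
    ])
    d.register_device("ap-1", [
        ResidentArea("shenzhen-office", 22.54, 114.06, 50.0),
        ResidentArea("singapore-office", 1.30, 103.85, 40.0),
    ])
    return d


if __name__ == "__main__":
    demo = build_demo()
    print(demo.connect("ap-1", 22.60, 114.10))            # inside shenzhen-office
    print(demo.on_location_update("ap-1", 1.29, 103.85))  # moved to singapore-office
    print(demo.on_location_update("ap-1", 48.85, 2.35))   # outside every resident area
```

The location passed to `connect` and `on_location_update` is the value the distribution device has derived or verified itself, which is the role the patent gives it when it checks the real-time geographic location before switching firewalls.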
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic framework diagram of an intranet access system provided by an embodiment of the present invention;
Fig. 2 is a schematic system interaction diagram of an intranet access method provided by an embodiment of the present invention;
Fig. 3 is a schematic system interaction diagram of another intranet access method provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a mobile wireless access device provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another mobile wireless access device provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic framework diagram of an intranet access system provided by an embodiment of the present invention. As shown in the figure, in this intranet access system framework, intranet firewall 1, intranet firewall 2 and intranet firewall 3 are 3 intranet firewalls deployed for the target intranet; mobile wireless access device 1 and mobile wireless access device 2 are each connected to intranet firewall 1; mobile wireless access device 3 is connected to intranet firewall 3; user terminal 1 is connected to mobile wireless access device 2; and user terminal 2 is connected to a mobile wireless access device.
Here, the target intranet is a local communication network that interconnects various computers, servers, databases and the like within a local geographic range such as a specific enterprise, a specific organization or a specific school. When a terminal or server in the target intranet communicates with another terminal or server in the target intranet, the communication takes place at the data link layer and the messages need not be routed by a router. When it communicates with a terminal or server outside the target intranet, the communication takes place at the network layer: messages sent by the terminal or server in the target intranet are routed to the terminal or server outside the target intranet after network address translation by the router, and messages returned by the terminal or server outside the target intranet are routed to the terminal or server in the target intranet after network address translation by the router.
Here, the intranet firewalls deployed for the target intranet may be firewalls deployed around the world that filter the data packets entering and leaving the target intranet. An intranet firewall is connected to the router of the target intranet through a wide area network and, through that router, connects to the intranet servers of the target intranet.
Here, the mobile wireless access device is a movable wireless access device that can emit a wireless network signal and has a routing function. It can access a data network through an inserted SIM (Subscriber Identification Module) card, access a wired network through a plugged-in cable, or access a wireless network by connecting to WIFI. A user terminal can connect to the mobile wireless access device by joining the wireless network that the device emits.
Here, the intranet firewall distribution device may be a device that has a domain name resolution function for the target intranet and stores the IP address and deployment position of each firewall deployed for the target intranet, such as a GTM (Global Traffic Manager) device.
Here, the user terminal may be a terminal device capable of receiving wireless networks, including a laptop, mobile phone, tablet computer and the like.
Referring to Fig. 2, Fig. 2 is a schematic system interaction diagram of an intranet access method provided by an embodiment of the present invention. As shown in the figure, the method may include:
S201: The mobile wireless access device sends an intranet connection request for the target intranet to the intranet firewall distribution device.
Specifically, the mobile wireless access device may send the intranet connection request to the intranet firewall distribution device as soon as it is started; or after receiving a user's instruction to enable the function of accessing the target intranet; or upon receiving an intranet access request for the target intranet from a connected user terminal. The intranet connection request may carry the intranet domain name of the target intranet, so that the intranet firewall distribution device, after resolving the intranet domain name, determines that the request is an intranet connection request for the target intranet.
Here, the intranet connection request carries the positioning reference information of the mobile wireless access device, which may be the device's IP address, GPS data, WIFI access point information, connected base station information, and so on.
S202: The intranet firewall distribution device determines, according to the positioning reference information of the mobile wireless access device carried in the intranet connection request, the resident geographic area in which the mobile wireless access device is located.
Here, different mobile wireless access devices have different corresponding resident geographic areas; the resident geographic area referred to here is the one for this mobile wireless access device. A mobile wireless access device may have multiple resident geographic areas, and the intranet firewall distribution device can determine, according to the device's positioning reference information, which resident geographic area the device is in.
Specifically, the intranet firewall distribution device determines the geographic location of the mobile wireless access device according to the positioning reference information, and then determines from that geographic location the resident geographic area in which the mobile wireless access device is located. For example, if the positioning reference information is the IP address of the mobile wireless access device, the intranet firewall distribution device can determine the device's geographic location from the IP address using IP location technology; if the positioning reference information is the connected base station information of the mobile wireless access device, the intranet firewall can determine the device's geographic location from the connected base station information using base station location technology. The resident geographic area in which the mobile wireless access device is located is then determined from the geographic location.
S203: The intranet firewall distribution device determines, according to the preset correspondence between the resident geographic area and the first intranet firewall, the first intranet firewall as the intranet firewall matched to the mobile wireless access device.
Specifically, the Intranet firewall distributing equipment obtains the mobile wireless access equipment before step S203 Resident geographic area, for example, the safety in order to guarantee the target Intranet, the resident geographic area can be in described The administrator's input for the mobile wireless access equipment that net firewall distributing equipment receives connects for the mobile wireless Enter the secure access area that equipment specifically allows, is dangerous access region other than the resident geographic area;For another example, described Resident geographic area is that the Intranet firewall distributing equipment is united according to the history access locations of the mobile wireless access equipment The resident geographic area for counting the obtained mobile wireless access equipment, is also possible to the mobile wireless access equipment to itself The resident geographic area that counts of history access locations, be then sent to the Intranet firewall distributing equipment.
After the Intranet firewall distributing equipment obtains the resident geographic area of the mobile wireless access equipment, from being directed to The corresponding first Intranet fire prevention in the resident geographic area is determined in multiple Intranet firewalls of the target Intranet deployment Wall, and establish the corresponding relationship of the resident geographic area and the first Intranet firewall.In a kind of optional implementation, The Intranet firewall distributing equipment is anti-according to the resident geographic area and for each Intranet of target Intranet deployment The deployed position of wall with flues will be set for mobile wireless access described in distance in multiple Intranet firewalls of target Intranet deployment It is right in the case where the mobile wireless access equipment is in the resident geographic area that standby nearest Intranet firewall is determined as The the first Intranet firewall answered.In another optional implementation, it is in described in the mobile wireless access equipment In the case where resident geographic area, the Intranet firewall distributing equipment can will be disposed multiple interior for the target Intranet The smallest Intranet firewall of network delay determines first Intranet between the mobile wireless access equipment in net firewall Firewall.In the case that the mobile wireless access equipment is in the resident geographic area, the target Intranet it is each in Network delay between net firewall and the mobile wireless access equipment, can be according to each with the mobile wireless access equipment When item performance other mobile wireless access equipment all the same are in the resident geographic area, the Intranet with the target Intranet The network delay approximate estimation of firewall connection determines, can also be according to each of the resident geographic area and the target Intranet The length approximate estimation of information 
delivery media and information delivery media between a Intranet firewall determines.
S204, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment.
Optionally, before step S204, the mobile wireless access equipment sends the equipment identity information of the mobile wireless access equipment and/or the terminal identity information of the user terminal to the Intranet firewall distributing equipment. In step S204, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment after the identity verification of the mobile wireless access equipment based on the equipment identity information passes, and/or after the identity verification of the user terminal based on the terminal identity information passes. The equipment identity information of the mobile wireless access equipment can be the access device identification code or digital certificate of the mobile wireless access equipment, an access device user name and access device password entered by the user and received by the mobile wireless access equipment, biometric information for identity verification entered by the user and received by the mobile wireless access equipment, and so on. The terminal identity information can be the terminal equipment identifier or digital certificate of the user terminal, a terminal user name and terminal password entered by the user and received by the user terminal, biometric information for identity verification entered by the user and received by the user terminal, and so on. Verifying the identity of the mobile wireless access equipment before the Intranet firewall distributing equipment sends the first IP address to it further ensures the security of resources in the target Intranet.
S205, the mobile wireless access equipment establishes a connection with the first Intranet firewall according to the first IP address.
Specifically, the mobile wireless access equipment sends a firewall connection request to the first Intranet firewall according to the first IP address, so that the first Intranet firewall establishes the connection with the mobile wireless access equipment after its identity verification of the mobile wireless access equipment, based on the firewall connection request, passes.
In one implementation, the firewall connection request carries the access device identification code of the mobile wireless access equipment, such as a MAC address. When the first Intranet firewall determines that the access device identification code is one of the preset device identification codes allowed to connect, it determines that the identity verification of the mobile wireless access equipment passes.
In another implementation, the firewall connection request carries a user name and password entered by the user through the mobile wireless access equipment. When the first Intranet firewall determines that the user name and password are one of the preset groups of user names and passwords allowed to connect, it determines that the identity verification of the mobile wireless access equipment passes.
In another implementation, the firewall connection request carries the digital certificate of the mobile wireless access equipment. The first Intranet firewall determines the certificate issuer of the access device digital certificate from the issuer information carried in the access device digital certificate. After obtaining the issuer digital certificate of that certificate issuer, the first Intranet firewall takes the issuer public key contained in the issuer digital certificate and uses it to decrypt the digital signature in the access device digital certificate, obtaining the certificate fingerprint of the access device digital certificate. The first Intranet firewall also hashes the access device digital certificate with the specified hash algorithm to obtain the digital certificate hash value. When the first Intranet firewall determines that the digital certificate hash value it computed is consistent with the access device certificate fingerprint, it determines that the identity verification of the mobile wireless access equipment passes.
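The fingerprint comparison described in the certificate-based implementation can be sketched as follows. This is an added example, not code from the patent: the certificate is a plain dictionary rather than X.509, the trust store, issuer name and function names are assumptions, and the signature is unpadded textbook RSA over constructed toy primes, used only to make the "decrypt the signature, hash the certificate, compare" step visible.

```python
import hashlib

# Constructed toy issuer key (illustration only): two Mersenne primes.
# Real deployments use a vetted library, proper key generation and padded signatures.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer private exponent (held by the CA only)

# Hypothetical trust store on the first Intranet firewall: issuer name -> public key.
# The issuer public key must come from here, never from the presented certificate.
TRUSTED_ISSUERS = {"Example Intranet CA": (N, E)}


def fingerprint(signed_bytes: bytes) -> int:
    """Hash the certificate body with the specified hash algorithm (SHA-256 here)."""
    return int.from_bytes(hashlib.sha256(signed_bytes).digest(), "big")


def issue_certificate(subject: str, issuer: str) -> dict:
    """CA side: sign the fingerprint of the certificate body with the private key."""
    body = f"subject={subject};issuer={issuer}".encode()
    return {"issuer": issuer, "body": body,
            "signature": pow(fingerprint(body), D, N)}


def verify_device_certificate(cert: dict) -> bool:
    """Firewall side: recover the fingerprint from the signature and compare it
    with a freshly computed hash of the presented certificate body."""
    key = TRUSTED_ISSUERS.get(cert["issuer"])
    if key is None:                      # unknown issuer: no key to verify with
        return False
    n, e = key
    sig = cert["signature"]
    if not isinstance(sig, int) or not 0 <= sig < n:
        return False
    recovered_fingerprint = pow(sig, e, n)        # "decrypt" with issuer public key
    return recovered_fingerprint == fingerprint(cert["body"])


if __name__ == "__main__":
    cert = issue_certificate("access-device-001", "Example Intranet CA")
    print("genuine :", verify_device_certificate(cert))
    forged = dict(cert, body=cert["body"].replace(b"001", b"999"))
    print("tampered:", verify_device_certificate(forged))
```

A certificate whose body was altered after signing, or whose issuer is not in the trust store, fails the comparison and the connection request is rejected.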
Specifically, the mobile wireless access equipment initiates a three-way handshake to establish a TCP/IP connection with the first Intranet firewall. The specific steps are as follows: the mobile wireless access equipment sends a SYN (Synchronize Sequence Numbers) data packet to the first Intranet firewall; after receiving the SYN data packet, the first Intranet firewall sends a SYN+ACK (Acknowledge Character) data packet to the mobile wireless access equipment; after receiving the SYN+ACK data packet, the mobile wireless access equipment returns an ACK data packet to the first Intranet firewall; after the first Intranet firewall receives the ACK data packet returned by the mobile wireless access equipment, the connection between the mobile wireless access equipment and the first Intranet firewall is established.
S206, the user terminal sends an Intranet access request for the target Intranet to the mobile wireless access equipment.
Specifically, before step S206 the user terminal can send a wireless network connection request to the mobile wireless access equipment. The mobile wireless access equipment can establish the connection with the user terminal directly, or can establish it after the user terminal identity information carried in the wireless network connection request has been verified. The user terminal identity information can be the user name and password, entered by the user and received by the user terminal, for accessing the wireless network established by the mobile wireless access equipment; it can also be biometric information entered by the user and received by the user terminal, or the terminal equipment identification information of the user terminal.
It is understood that, once the mobile wireless access equipment and the user terminal have established a connection, step S206 can be executed at any time before step S207.
S207, the mobile wireless access equipment sends the Intranet access request to the first Intranet firewall.
Specifically, the Intranet access request is an access request for a server in the target Intranet, such as an access request for a Web server in the target Intranet, an access request for an FTP server in the target Intranet, an access request for a mail server in the target Intranet, and so on.
S208, the first Intranet firewall routes the Intranet access request to the intranet server of the target Intranet.
Specifically, after receiving the Intranet access request sent by the mobile wireless access equipment, the first Intranet firewall sends the Intranet access request over the outer net to the router of the target Intranet, and the router of the target Intranet routes the Intranet access request through the target Intranet to the corresponding intranet server in the target Intranet.
S209, the intranet server returns to the first Intranet firewall an Intranet request response message responding to the Intranet access request.
Specifically, after the intranet server responds to the Intranet access request and generates the Intranet request response message, it sends the Intranet request response message through the target Intranet to the router of the target Intranet, and the router of the target Intranet sends the Intranet request response message over the outer net to the first Intranet firewall. For example, if the Intranet access request is a request for a certain file on a file server in the target Intranet, the Intranet request response message can be that file as sent by the file server.
S210, the first Intranet firewall sends the Intranet request response message to the mobile wireless access equipment.
S211, the mobile wireless access equipment sends the Intranet request response message to the user terminal.
Optionally, when the mobile wireless access equipment has multiple resident geographic areas, the mobile wireless access equipment, after establishing the connection with the first Intranet firewall, can obtain its own real-time geographic location in real time and monitor, from that real-time geographic location, whether it has switched between its resident geographic areas. If it determines that it has switched between its multiple resident geographic areas, it sends to the Intranet firewall distributing equipment a firewall switching request carrying the real-time geographic location. After the Intranet firewall distributing equipment has verified the real-time geographic location of the mobile wireless access equipment, it determines, according to the preset corresponding relationship between the resident geographic area after the switch and the second Intranet firewall of the target Intranet, the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched after the mobile wireless access equipment switches resident geographic area. When the Intranet firewall distributing equipment determines that the first Intranet firewall and the second Intranet firewall are not the same, it sends the second IP address of the second Intranet firewall to the mobile wireless access equipment; after the mobile wireless access equipment establishes a connection with the second Intranet firewall according to the second IP address, it disconnects the connection with the first Intranet firewall.
Here, for the corresponding relationship between the resident geographic area after the switch and the second Intranet firewall, refer to the establishment, in step S203, of the corresponding relationship between the resident geographic area before the switch and the first Intranet firewall; it is not repeated here.
The mobile wireless access equipment initiates a four-way wave to disconnect the TCP/IP connection with the first Intranet firewall. The specific steps are as follows: the mobile wireless access equipment sends a FIN (Finish Character) data packet to the first Intranet firewall; after receiving the FIN data packet, the first Intranet firewall sends an ACK data packet to the mobile wireless access equipment; the first Intranet firewall sends a FIN data packet to the mobile wireless access equipment; after receiving the FIN data packet, the mobile wireless access equipment sends an ACK data packet to the first Intranet firewall; after the first Intranet firewall receives the ACK data packet, the disconnection between the mobile wireless access equipment and the first Intranet firewall is complete.
In the embodiment of the present invention, when the Intranet firewall distributing equipment receives from the mobile wireless access equipment an Intranet connection request for the target Intranet, it determines from the positioning reference information carried in the Intranet connection request the resident geographic area in which the mobile wireless access equipment is located, and, according to the preset corresponding relationship between the resident geographic area and the first Intranet firewall, assigns the first Intranet firewall to the mobile wireless access equipment, so that after the mobile wireless access equipment and the first Intranet firewall establish a connection, the user terminal connected to the mobile wireless access equipment is provided with the service of accessing the intranet server in the target Intranet. With this embodiment, the user does not need to configure any parameter before accessing the target Intranet, which improves the access efficiency for the target Intranet. At the same time, the Intranet firewall distributing equipment recommends to the mobile wireless access equipment the Intranet firewall of the target Intranet to connect to only when it determines that the mobile wireless access equipment is within the resident geographic area preset for it; if the equipment is not in a resident geographic area, no firewall is recommended, so connections from the mobile wireless access equipment to the target Intranet can be restricted by geographic location, which improves the security of resources in the target Intranet.
Referring to Fig. 3, Fig. 3 is a system interaction diagram of another Intranet access method provided in an embodiment of the present invention. As shown in the figure, the Intranet access method may include:
S301, the mobile wireless access equipment sends an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment.
S302, the Intranet firewall distributing equipment determines, from the positioning reference information of the mobile wireless access equipment carried in the Intranet connection request, the first resident geographic area in which the mobile wireless access equipment is located.
Specifically, before step S302 the Intranet firewall distributing equipment has obtained multiple resident geographic areas for the mobile wireless access equipment, and the first resident geographic area is one of them. In step S302, the geographic location of the mobile wireless access equipment is determined from its positioning reference information, such as an IP address or GPS data, and from that geographic location it is determined which of the multiple resident geographic areas corresponding to the mobile wireless access equipment the equipment is in; that area is the first resident geographic area.
S303, the Intranet firewall distributing equipment, according to the preset corresponding relationship between the first resident geographic area and the first Intranet firewall, determines the first Intranet firewall as the Intranet firewall matched to the mobile wireless access equipment.
Specifically, the mobile wireless access equipment has multiple resident geographic areas. Before step S303, the Intranet firewall distributing equipment matches an Intranet firewall of the target Intranet to each resident geographic area and establishes the corresponding relationship between each resident geographic area and its matched Intranet firewall. In one implementation, the Intranet firewall corresponding to each resident geographic area is the one at the smallest distance from the mobile wireless access equipment when the equipment is in that resident geographic area; in another implementation, the Intranet firewall corresponding to each resident geographic area is the one with the smallest network delay to the mobile wireless access equipment when the equipment is in that resident geographic area. The corresponding relationships between the resident geographic areas and their matched Intranet firewalls include the corresponding relationship between the first resident geographic area and the first Intranet firewall, and the preset corresponding relationship, used in step S311, between the resident geographic area after the mobile wireless access equipment switches and the second Intranet firewall of the target Intranet.
In step S303, the Intranet firewall distributing equipment obtains, from the corresponding relationships between the multiple resident geographic areas of the mobile wireless access equipment and their matched Intranet firewalls, the Intranet firewall corresponding to the first resident geographic area, that is, the first Intranet firewall.
S304, the Intranet firewall distributing equipment sends the first IP address of the first Intranet firewall to the mobile wireless access equipment.
S305, the mobile wireless access equipment establishes a connection with the first Intranet firewall according to the first IP address.
S306, the Intranet firewall distributing equipment periodically obtains the real-time geographic location of the mobile wireless access equipment.
Here, the real-time geographic location of the mobile wireless access equipment can be obtained by the Intranet firewall distributing equipment itself through a positioning technique. If the real-time geographic location is instead sent by the mobile wireless access equipment to the Intranet firewall distributing equipment, then, to guarantee that the target Intranet is connected to through the mobile wireless access equipment only within the resident geographic areas of that equipment, and thereby guarantee the security of resources in the target Intranet, the Intranet firewall distributing equipment, after receiving the real-time geographic location sent by the mobile wireless access equipment, must verify it through a positioning technique before executing step S307.
S307, the Intranet firewall judges from the real-time geographic location whether the mobile wireless access equipment is within the multiple resident geographic areas preset for the mobile wireless access equipment.
If the judgment in step S307 is no, step S308 is executed; if the judgment is yes, step S309 is executed.
S308, the Intranet firewall distributing equipment sends to the first Intranet firewall a disconnection instruction for the mobile wireless access equipment.
S309, the first Intranet firewall disconnects the connection with the mobile wireless access equipment according to the disconnection instruction.
Specifically, before step S309 a TCP/IP connection has been established between the first Intranet firewall and the mobile wireless access equipment. In step S309, the first Intranet firewall, according to the disconnection instruction, initiates a four-way wave to disconnect the TCP/IP connection with the mobile wireless access equipment. For the specific implementation, refer to the step, in the embodiment corresponding to Fig. 2, in which the mobile wireless access equipment described in step S211 initiates a four-way wave to disconnect the TCP/IP connection with the first Intranet firewall; details are not repeated here.
S310, the Intranet firewall judges from the real-time geographic location whether the mobile wireless access equipment has switched between the multiple resident geographic areas of the mobile wireless access equipment.
If the judgment in step S310 is no, no processing is performed; if the judgment is yes, step S311 is executed.
S311, the Intranet firewall distributing equipment, according to the preset corresponding relationship between the resident geographic area after the mobile wireless access equipment switches and the second Intranet firewall of the target Intranet, determines the second Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched after the mobile wireless access equipment switches resident geographic area.
S312, when the Intranet firewall distributing equipment determines that the first Intranet firewall and the second Intranet firewall are not the same, it sends the second IP address of the second Intranet firewall to the mobile wireless access equipment.
S313, the mobile wireless access equipment establishes a connection with the second Intranet firewall according to the second IP address, and disconnects the connection with the first Intranet firewall.
In the embodiment of the present invention, after the mobile wireless access equipment establishes a connection with the first Intranet firewall assigned by the Intranet firewall distributing equipment, the Intranet firewall distributing equipment monitors the real-time geographic location of the mobile wireless access equipment. When it determines that the mobile wireless access equipment has moved outside its resident geographic areas, it instructs the first Intranet firewall to disconnect the connection with the mobile wireless access equipment, so that the mobile wireless access equipment stops providing the service of accessing the target Intranet to the connected user terminal. This effectively controls the positions from which a user terminal can access the target Intranet and improves the security of resources in the target Intranet. At the same time, when the Intranet firewall distributing equipment determines from the real-time geographic location of the mobile wireless access equipment that the equipment has switched between multiple resident geographic areas, it recommends to the mobile wireless access equipment the Intranet firewall matched to the resident geographic area after the switch, so that the Intranet firewall connected to the mobile wireless access equipment is always the one nearest to the equipment, or the one with the smallest network delay to it. This guarantees the network quality with which the user terminal accesses the target Intranet through the connection between the mobile wireless access equipment and the Intranet firewall.
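The allocation and monitoring decisions of steps S302 to S312 can be modelled as below. This is an added example, not code from the patent: it assumes circular resident areas, uses the nearest-firewall option for the preset mapping, and treats every reported location as already verified by a positioning technique; class names, coordinates and the documentation-range IP addresses are constructed.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional, Tuple


@dataclass(frozen=True)
class Area:                 # a resident geographic area (assumed circular)
    name: str
    lat: float
    lon: float
    radius_km: float


@dataclass(frozen=True)
class Firewall:             # an Intranet firewall and its deployed position
    name: str
    ip: str
    lat: float
    lon: float


def distance_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance (haversine)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


class Allocator:
    """Hypothetical model of the Intranet firewall distributing equipment."""

    def __init__(self, areas, firewalls):
        self.areas = list(areas)
        # Preset correspondence: each resident area -> nearest deployed firewall.
        self.mapping = {
            a.name: min(firewalls, key=lambda f: distance_km(a.lat, a.lon, f.lat, f.lon))
            for a in self.areas
        }
        self.sessions = {}  # device id -> (area name, assigned firewall)

    def locate(self, lat, lon) -> Optional[Area]:
        """Return the resident area containing the location, or None if outside all."""
        for a in self.areas:
            if distance_km(lat, lon, a.lat, a.lon) <= a.radius_km:
                return a
        return None

    def connect(self, device_id, lat, lon) -> Optional[str]:
        """S302-S304: hand out a firewall IP only inside a resident area."""
        area = self.locate(lat, lon)
        if area is None:
            return None
        fw = self.mapping[area.name]
        self.sessions[device_id] = (area.name, fw)
        return fw.ip

    def monitor(self, device_id, lat, lon) -> Tuple[str, str]:
        """S306-S312: decide what to do with an existing session."""
        _, current_fw = self.sessions[device_id]
        area = self.locate(lat, lon)
        if area is None:                       # left every resident area
            del self.sessions[device_id]
            return ("disconnect", current_fw.ip)   # instruct this firewall to drop
        new_fw = self.mapping[area.name]
        self.sessions[device_id] = (area.name, new_fw)
        if new_fw != current_fw:               # area switched and firewall differs
            return ("switch", new_fw.ip)
        return ("keep", current_fw.ip)


# Constructed sample deployment.
AREAS = [Area("shenzhen", 22.54, 114.06, 40), Area("dongguan", 23.02, 113.75, 30),
         Area("shanghai", 31.23, 121.47, 50)]
FIREWALLS = [Firewall("fw-south", "192.0.2.10", 23.13, 113.26),
             Firewall("fw-east", "198.51.100.20", 30.27, 120.15)]

if __name__ == "__main__":
    alloc = Allocator(AREAS, FIREWALLS)
    print(alloc.connect("ap-001", 22.55, 114.05))
    for point in [(23.02, 113.75), (31.20, 121.50), (39.90, 116.40)]:
        print(alloc.monitor("ap-001", *point))
```

Switching between two resident areas that map to the same firewall yields `keep`, matching the S312 condition that a new IP address is sent only when the first and second firewalls differ.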
Referring to Fig. 4, Fig. 4 is a structural schematic diagram of a mobile wireless access equipment provided in an embodiment of the present invention. As shown in the figure, the mobile wireless access equipment 40 may include at least a request transmitting unit 401, a connection establishment unit 402 and a message transmission unit 403, in which:
The request transmitting unit 401 is configured to send an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, from the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the equipment is located; the Intranet firewall distributing equipment further determines, according to the preset corresponding relationship between the resident geographic area of the mobile wireless access equipment and the first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment.
The connection establishment unit 402 is configured to receive the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment and, according to the first IP address, send a first firewall connection request to the first Intranet firewall, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request.
The message transmission unit 403 is configured to, after receiving an Intranet access request for the target Intranet sent by the user terminal, route the Intranet access request through the first Intranet firewall to the intranet server of the target Intranet.
The message transmission unit 403 is further configured to, after receiving the Intranet request response message that the intranet server returns through the first Intranet firewall in response to the Intranet access request, send the Intranet request response message to the user terminal.
In a specific implementation, the mobile wireless access equipment can execute, through its built-in functional modules, each step executed by the mobile wireless access equipment in the Intranet access methods of Fig. 2 to Fig. 3; for implementation details, see the details of each step in the embodiments corresponding to Fig. 2 to Fig. 3, which are not repeated here.
In the embodiment of the present invention, after the request transmitting unit sends the Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, the Intranet firewall distributing equipment determines from the positioning reference information carried in the Intranet connection request the resident geographic area in which the mobile wireless access equipment is located and, according to the preset corresponding relationship between the resident geographic area and the first Intranet firewall, sends the first IP address of the first Intranet firewall to the connection establishment unit. After the connection establishment unit establishes a connection with the first Intranet firewall according to the first IP address, the message transmission unit provides the user terminal connected to the mobile wireless access equipment with the service of accessing the intranet server in the target Intranet. With this embodiment, the user does not need to configure any parameter before accessing the target Intranet, which improves the access efficiency for the target Intranet. When the Intranet firewall distributing equipment determines that the mobile wireless access equipment is within the resident geographic area preset for it, the firewall determination unit recommends to the mobile wireless access equipment the Intranet firewall of the target Intranet to connect to; if the equipment is not in a resident geographic area, connections from the mobile wireless access equipment to the target Intranet can be restricted by geographic location, which improves the security of resources in the target Intranet.
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of another mobile wireless access equipment provided in an embodiment of the present invention. As shown in the figure, the mobile wireless access equipment 50 includes a processor 501, a memory 502 and a communication interface 503. The processor 501 is connected to the memory 502 and the communication interface 503; for example, the processor 501 can be connected to the memory 502 and the communication interface 503 by a bus.
The processor 501 is configured to support the mobile wireless access equipment in executing the functions corresponding to the mobile wireless access equipment in the Intranet access methods described in Fig. 2 to Fig. 3. The processor 501 can be a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), a hardware chip or any combination thereof. The hardware chip can be an application-specific integrated circuit (Application-Specific Integrated Circuit, ASIC), a programmable logic device (Programmable Logic Device, PLD) or a combination thereof. The PLD can be a complex programmable logic device (Complex Programmable Logic Device, CPLD), a field-programmable gate array (Field-Programmable Gate Array, FPGA), generic array logic (Generic Array Logic, GAL) or any combination thereof.
The memory 502 is used for storing program code and the like. The memory 502 includes an internal memory, which may include at least one of the following: volatile memory (such as dynamic random access memory (DRAM), static RAM (SRAM), synchronous dynamic RAM (SDRAM), etc.) and nonvolatile memory (such as one-time programmable read-only memory (OTPROM), programmable ROM (PROM), erasable programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM)). The memory 502 can also include an external memory, which may include at least one of the following: a hard disk (Hard Disk Drive, HDD) or solid state drive (Solid-State Drive, SSD), or a flash drive, for example high density flash memory (CF), secure digital (SD), micro SD, mini SD, extreme digital (xD), memory stick, etc.
The communication interface 503 is used for receiving or sending data.
The processor 501 can call the program code to execute the following operations:
sending an Intranet connection request for the target Intranet to the Intranet firewall distributing equipment, so that the Intranet firewall distributing equipment determines, from the positioning reference information of the mobile wireless access equipment included in the Intranet connection request, the resident geographic area of the mobile wireless access equipment in which the equipment is located, the Intranet firewall distributing equipment further determining, according to the preset corresponding relationship between the resident geographic area of the mobile wireless access equipment and the first Intranet firewall deployed for the target Intranet, the first Intranet firewall as the Intranet firewall, among the multiple Intranet firewalls deployed for the target Intranet, that is matched to the mobile wireless access equipment;
receiving the first IP address of the first Intranet firewall sent by the Intranet firewall distributing equipment and, according to the first IP address, sending a first firewall connection request to the first Intranet firewall, so that the first Intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
after receiving an Intranet access request for the target Intranet sent by the user terminal, routing the Intranet access request through the first Intranet firewall to the intranet server of the target Intranet;
after receiving the Intranet request response message that the intranet server returns through the first Intranet firewall in response to the Intranet access request, sending the Intranet request response message to the user terminal.
It should be noted that, for the implementation of each operation, reference can also be made to the corresponding description of the method embodiments shown in Fig. 2 to Fig. 3; the processor 501 can also be used to execute other operations in the above method embodiments.
The embodiment of the present invention also provides a computer storage medium storing a computer program. The computer program includes program instructions which, when executed by a computer, cause the computer to execute the method described in the previous embodiments; the computer can be part of the Intranet firewall distributing equipment or the mobile wireless access equipment mentioned above.
Those of ordinary skill in the art will appreciate that all or part of the processes in the above embodiment methods can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.

Claims (10)

1. An intranet access method, characterized by comprising:
Intranet firewall distributing equipment receives an intranet connection request for a target intranet sent by mobile wireless access equipment, the intranet connection request carrying positioning reference information of the mobile wireless access equipment;
The intranet firewall distributing equipment determines, according to the positioning reference information, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located;
The intranet firewall distributing equipment determines, according to a preset correspondence between the resident geographic area and a first intranet firewall, the first intranet firewall as the intranet firewall matched with the mobile wireless access equipment, wherein the first intranet firewall is one of multiple intranet firewalls deployed for the target intranet;
The intranet firewall distributing equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment, so that, after the mobile wireless access equipment establishes a connection with the first intranet firewall according to the first IP address, the first intranet firewall routes an intranet access request of a user terminal for the target intranet, sent by the mobile wireless access equipment, to the intranet server of the target intranet, and the first intranet firewall sends the intranet request response returned by the intranet server in response to the intranet access request to the user terminal through the mobile wireless access equipment.
2. The method according to claim 1, characterized in that the method further comprises:
The intranet firewall distributing equipment obtains the resident geographic area of the mobile wireless access equipment;
The intranet firewall distributing equipment determines, from the multiple intranet firewalls deployed for the target intranet, the first intranet firewall corresponding to the resident geographic area, and establishes the correspondence between the resident geographic area and the first intranet firewall, wherein the first intranet firewall is, in the case where the mobile wireless access equipment is in the resident geographic area, the intranet firewall nearest to the mobile wireless access equipment among the multiple intranet firewalls deployed for the target intranet, or, in the case where the mobile wireless access equipment is in the resident geographic area, the intranet firewall with the smallest network delay to the mobile wireless access equipment among the multiple intranet firewalls deployed for the target intranet.
3. The method according to claim 1, characterized in that the method further comprises:
The intranet firewall distributing equipment periodically obtains the real-time geographic location of the mobile wireless access equipment;
When the intranet firewall distributing equipment determines, according to the real-time geographic location of the mobile wireless access equipment, that the mobile wireless access equipment has moved outside the resident geographic area, it sends to the first intranet firewall a disconnection instruction for the mobile wireless access equipment, so that the first intranet firewall disconnects from the mobile wireless access equipment according to the disconnection instruction.
4. The method according to claim 1, characterized in that, before the intranet firewall distributing equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment, the method further comprises:
The intranet firewall distributing equipment obtains equipment identity information of the mobile wireless access equipment and/or terminal identity information of the user terminal connected to the mobile wireless access equipment;
The intranet firewall distributing equipment sending the first IP address of the first intranet firewall to the mobile wireless access equipment comprises:
The intranet firewall distributing equipment sends the first IP address of the first intranet firewall to the mobile wireless access equipment after the mobile wireless access equipment passes identity verification performed according to the equipment identity information, and/or after the user terminal connected to the mobile wireless access equipment passes identity verification performed according to the terminal identity information.
5. The method according to claim 1, characterized in that the mobile wireless access equipment has multiple resident geographic areas;
The method further comprises:
The intranet firewall distributing equipment periodically obtains the real-time geographic location of the mobile wireless access equipment;
When the intranet firewall distributing equipment determines, according to the real-time geographic location, that the mobile wireless access equipment has switched between its multiple resident geographic areas, it determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched with the mobile wireless access equipment after it has switched resident geographic area;
When the intranet firewall distributing equipment determines that the first intranet firewall and the second intranet firewall differ, it sends the second IP address of the second intranet firewall to the mobile wireless access equipment, so that the mobile wireless access equipment establishes a connection with the second intranet firewall according to the second IP address and disconnects from the first intranet firewall.
6. An intranet access method, characterized in that the method comprises:
Mobile wireless access equipment sends an intranet connection request for a target intranet to intranet firewall distributing equipment, so that the intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located, and the intranet firewall distributing equipment determines, according to a preset correspondence between the resident geographic area of the mobile wireless access equipment and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched with the mobile wireless access equipment;
The mobile wireless access equipment receives the first IP address of the first intranet firewall sent by the intranet firewall distributing equipment and, according to the first IP address, sends a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
The mobile wireless access equipment, after receiving an intranet access request for the target intranet sent by a user terminal, routes the intranet access request through the first intranet firewall to the intranet server of the target intranet;
The mobile wireless access equipment, after receiving the intranet request response returned through the first intranet firewall by the intranet server in response to the intranet access request, sends the intranet request response to the user terminal.
7. The method according to claim 6, characterized in that the mobile wireless access equipment has multiple resident geographic areas;
The method further comprises:
The mobile wireless access equipment obtains the real-time geographic location of the mobile wireless access equipment;
When the mobile wireless access equipment determines, according to the real-time geographic location, that it has switched between its multiple resident geographic areas, it sends to the intranet firewall distributing equipment a firewall switching request carrying the real-time geographic location, so that the intranet firewall distributing equipment, after the real-time geographic location of the mobile wireless access equipment passes verification, determines, according to a preset correspondence between the resident geographic area after the switch and a second intranet firewall of the target intranet, the second intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched with the mobile wireless access equipment after it has switched resident geographic area; the intranet firewall distributing equipment also sends the second IP address of the second intranet firewall to the mobile wireless access equipment when it determines that the first intranet firewall and the second intranet firewall differ;
The mobile wireless access equipment sends, according to the second IP address, a second firewall connection request to the second intranet firewall, so that the second intranet firewall establishes a connection with the mobile wireless access equipment according to the second firewall connection request;
The mobile wireless access equipment disconnects from the first intranet firewall.
8. Mobile wireless access equipment, characterized by comprising:
A request sending unit, for sending an intranet connection request for a target intranet to intranet firewall distributing equipment, so that the intranet firewall distributing equipment determines, according to the positioning reference information of the mobile wireless access equipment included in the intranet connection request, the resident geographic area of the mobile wireless access equipment in which the mobile wireless access equipment is located, and the intranet firewall distributing equipment determines, according to a preset correspondence between the resident geographic area of the mobile wireless access equipment and a first intranet firewall deployed for the target intranet, the first intranet firewall as the intranet firewall, among the multiple intranet firewalls deployed for the target intranet, matched with the mobile wireless access equipment;
A connection establishing unit, for receiving the first IP address of the first intranet firewall sent by the intranet firewall distributing equipment and, according to the first IP address, sending a first firewall connection request to the first intranet firewall, so that the first intranet firewall establishes a connection with the mobile wireless access equipment according to the first firewall connection request;
A message transmission unit, for routing, after an intranet access request for the target intranet sent by a user terminal is received, the intranet access request through the first intranet firewall to the intranet server of the target intranet;
The message transmission unit is also used for sending, after the intranet request response returned through the first intranet firewall by the intranet server in response to the intranet access request is received, the intranet request response to the user terminal.
9. Mobile wireless access equipment, characterized by comprising a processor, a memory and a communication interface, the processor, memory and communication interface being connected to one another, wherein the communication interface is used for sending and receiving data, the memory is used for storing program code, and the processor is used for calling the program code to perform the method according to any one of claims 6-7.
10. A computer storage medium, characterized in that the computer storage medium stores a computer program, the computer program includes program instructions, and the program instructions, when executed by a processor, cause the processor to perform the method according to any one of claims 1-7.
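The allocation flow of claims 1 to 5, as an added Python sketch that is not part of the patent text. Assumptions: resident geographic areas are circles, "nearest" (the first alternative of claim 2) is great-circle distance to the area centre, identity verification is a membership check, requests from outside every resident area are refused, and all names, coordinates and IP addresses are constructed.

```python
# Added illustration; class names, the allowlist and the sample data are assumptions.
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

@dataclass(frozen=True)
class Area:  # a resident geographic area, modelled as a circle
    name: str
    center: tuple
    radius_km: float

    def contains(self, point):
        return haversine_km(self.center, point) <= self.radius_km

@dataclass
class Allocator:
    firewalls: dict        # firewall IP -> (lat, lon) of the firewall
    resident_areas: dict   # device id -> list of Area
    trusted_devices: set   # stand-in for the identity check of claim 4
    area_to_fw: dict = field(default_factory=dict)  # (device id, area name) -> IP
    assigned: dict = field(default_factory=dict)    # device id -> current firewall IP

    def build_mapping(self):
        """Claim 2: preset each resident area to its nearest firewall."""
        for dev, areas in self.resident_areas.items():
            for area in areas:
                self.area_to_fw[(dev, area.name)] = min(
                    self.firewalls, key=lambda ip: haversine_km(self.firewalls[ip], area.center))

    def _match(self, dev, point):
        """Firewall IP preset for the resident area containing point, else None."""
        for area in self.resident_areas.get(dev, []):
            if area.contains(point):
                return self.area_to_fw[(dev, area.name)]
        return None

    def connect(self, dev, point):
        """Claims 1 and 4: verify identity, locate, then hand out the firewall IP."""
        if dev not in self.trusted_devices:
            return None                      # identity check failed: no IP disclosed
        ip = self._match(dev, point)
        if ip is not None:
            self.assigned[dev] = ip
        return ip                            # None when outside every resident area

    def on_location(self, dev, point):
        """Claims 3 and 5: periodic re-check; returns (action, firewall IP)."""
        current = self.assigned.get(dev)
        if current is None:
            return ("ignore", None)
        ip = self._match(dev, point)
        if ip is None:                       # left all resident areas (claim 3)
            del self.assigned[dev]
            return ("disconnect", current)
        if ip != current:                    # moved to another resident area (claim 5)
            self.assigned[dev] = ip
            return ("switch", ip)
        return ("keep", current)

def demo_allocator():
    """Constructed sample data: documentation-range IPs, approximate city coordinates."""
    shenzhen, shanghai = (22.54, 114.06), (31.23, 121.47)
    alloc = Allocator(
        firewalls={"192.0.2.10": shenzhen, "198.51.100.20": shanghai},
        resident_areas={"ap-001": [Area("shenzhen", shenzhen, 50.0),
                                   Area("shanghai", shanghai, 50.0)]},
        trusted_devices={"ap-001"})
    alloc.build_mapping()
    return alloc
```

The sketch takes the reported location at face value; claim 7 has the distributing equipment verify the real-time geographic location before switching firewalls, which this code does not model.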
CN201910503580.9A 2019-06-10 2019-06-10 Intranet access method and related device Active CN110266674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910503580.9A CN110266674B (en) 2019-06-10 2019-06-10 Intranet access method and related device

Publications (2)

Publication Number Publication Date
CN110266674A true CN110266674A (en) 2019-09-20
CN110266674B CN110266674B (en) 2022-08-16

Family

ID=67917687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910503580.9A Active CN110266674B (en) 2019-06-10 2019-06-10 Intranet access method and related device

Country Status (1)

Country Link
CN (1) CN110266674B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant